Port 5900 (TCP) is the standard for VNC Remote Desktop. Port 5900 — default for VNC (Virtual Network Computing). 5901-5905 for displays :1-:5. VNC protocol has no TLS encryption by default, password is limited to 8 bytes (DES). Shodan
Below: what uses this port, security considerations, online check, FAQ.
Free online tool — ping & port checker: instant results, no signup.
VNC Remote Desktop
Port 5900 — default for VNC (Virtual Network Computing). 5901-5905 for displays :1-:5. VNC protocol has no TLS encryption by default, password is limited to 8 bytes (DES). Shodan finds millions of open VNC instances without auth.
VNC exposed on the internet = full desktop takeover. Always SSH tunnel (ssh -L 5900:localhost:5900 user@host). TigerVNC/RealVNC 6+ support TLS, but it is simpler to use Apache Guacamole or NoMachine with native auth.
Enterno.io Ping + Port checker tests TCP reachability of any port from 3 regions (Moscow / Frankfurt / Virginia).
Port 5900 (TCP) serves as the default communication channel for VNC (Virtual Network Computing) remote desktop connections. VNC is a graphical desktop-sharing system that allows users to remotely control another computer over a network. This protocol operates on a client-server model, where the VNC server runs on the host machine and the VNC client connects to it.
When a VNC client connects to a server on port 5900, it can access the server's desktop environment, enabling users to interact with the system as if they were physically present. The VNC protocol utilizes a series of display numbers to distinguish different sessions, with ports 5901 to 5905 corresponding to display numbers :1 to :5, respectively.
Given its wide adoption, VNC can be found in various applications, including remote technical support, remote access to desktop environments, and collaborative work sessions. However, it's crucial to understand the security implications of using VNC, particularly due to the protocol's lack of encryption by default.
While port 5900 facilitates convenient remote access through VNC, it also presents significant security risks. By default, the VNC protocol does not implement TLS encryption, leaving data transmitted over the connection susceptible to interception. Additionally, VNC passwords are limited to 8 bytes and are hashed using DES encryption, which is no longer considered secure.
To mitigate these risks, consider the following security practices:
ssh -L 5900:localhost:5900 user@remote_hostiptables -A INPUT -p tcp -s --dport 5900 -j ACCEPT Regularly update VNC software to patch known vulnerabilities and consider using a VNC implementation that supports more robust authentication and encryption mechanisms.
Configuring a VNC server to operate on port 5900 involves a few steps, depending on the operating system and VNC software in use. Below are practical examples for setting up a VNC server on both Linux and Windows.
For a typical Linux setup using TightVNC, follow these steps:
sudo apt install tightvncservervncserver :1echo "geometry=1024x768" >> ~/.vnc/xstartupvncserver -kill :1 && vncserver :1For Windows users with RealVNC, the configuration process is straightforward:
After these configurations, ensure to test the connection from a VNC viewer using:
vncviewer :5900 By following these steps, you can successfully establish a secure and functional VNC remote desktop connection over port 5900.
No, modern cloud providers (AWS, Google Cloud, Yandex) close all incoming ports by default. You must explicitly allow port 5900 in a Security Group or firewall.
Use <a href="/en/ping">Enterno Ping + Port Checker</a>. Or in shell: <code>nc -vz example.com 5900</code>.
Depends on the service. VNC Remote Desktop should never be exposed publicly without authentication + TLS. See <a href="/en/s/research-open-ports-exposure-2026">our 2026 exposure research</a>.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.